Title :
The network coordinative forensics technology base on data provenance
Author :
Huang Wen; Wen Chun-sheng
Author_Institution :
Network Center, Hunan Univ. of Sci. & Eng., Yongzhou, China
Abstract :
At present there is no good security tool that can directly perform association analysis on a multi-step network attack and reconstruct the intrusion process to obtain criminal evidence. A new approach to network coordinative forensics based on data provenance is therefore presented: set up a log server using the SYSLOG mechanism, obtain log provenance databases with the Perm rewrite technology, locate the multi-step attacker with where-provenance, and reconstruct the attack process with why-provenance. Data provenance theory and experimental results show that the new approach is feasible and effective.
Keywords :
computer forensics; computer network security; data analysis; rewriting systems; Perm rewrite technology; SYSLOG mechanism; association analysis; criminal evidence; data provenance; multi-step attack; network coordinative forensics; reconfiguration attack process; Compounds; Computers; Databases; Fires; Forensics; IP networks; Security; coordinative forensics; perm;
Conference_Title :
Information Technology and Artificial Intelligence Conference (ITAIC), 2011 6th IEEE Joint International
Conference_Location :
Chongqing
Print_ISBN :
978-1-4244-8622-9
DOI :
10.1109/ITAIC.2011.6030276